Can any compliance officer overcome the encryption problem?

Encryption is great for users of devices and apps. It keeps personal details private, credit cards secure, and other sensitive information safe from hackers by allowing practically impenetrable communication.

But increased security for users means a reduction in transparency and ability to audit communications for governments and companies.

San Bernardino shooter Rizwan Farook’s work phone was a government-issued iPhone 5c.

Apple famously took a stand early this year against the FBI’s order to decrypt Farook’s iPhone. The FBI couldn’t break the passcode and didn’t want to risk destroying data. iPhones have an option to erase all data after 10 failed passcode attempts.

The Washington Post reported yesterday that the FBI paid Gray Hat hackers — independent researchers for hire — to “create a piece of hardware that helped the FBI to crack the iPhone’s four-digit personal identification number without triggering a security feature that would have erased all the data.”

Earlier reports said the FBI bypassed Apple by contracting Israeli firm Cellebrite Mobile to unlock the phone.

The FBI has admitted the method used to hack into Farook’s iPhone, either by Cellebrite or the Gray Hats, won’t work on the iPhone 5s, which was released in 2013. That model and newer ones have a secure enclave. The secure enclave is a small piece of hardware in every iPhone that acts as a local safe, matched to individual iPhones uniquely.

The secure enclaves in iPhones work so well that Apple itself can’t break into iPhones equipped with one.

Only the correct set of fingerprints or passcode can unlock the device.

Communications apps are using encryption too. Facebook-owned WhatsApp quietly enabled end-to-end encryption for all users by default last week.

An in-depth explanation of end-to-end encryption can be found in WhatsApp’s security document. Essentially it creates an environment where messages between WhatsApp users are protected so that third parties (including WhatsApp) can’t read them.

Messages can only be decrypted by the recipient. Apple’s iMessage works in a similar way.

Apple’s iMessage encryption structure

Security technologies that protect users and consumers have come a long way, and are necessary. Without encryption, no one could shop online, book airplane tickets, or do the millions of other things that require encryption to be safe and secure.

But just like Facebook’s Messenger app, great tools can always be used for illegal purposes, including bribery.

No paper trail, no record, and no way for companies or governments to access the information if the key is thrown away.

_____

Harry Cassin is the CEO of Recathlon LLC, owner of the FCPA Blog and other publications. He can be contacted here.
